Article Content

This article provides steps on how to have one RSA SecurID software token installed on multiple devices.

Resolution

Authentication Manager 7.1

When the token is first issued and distributed, use a device type of Generic AES 128, and Issue the token as an .sdtid token file. The token file generated must be carefully secured, as this can be imported into any type of software token device (may need additional post-processing). If the file is no longer available, it can be redistributed to generate the same tokencodes, by making sure the checkbox for regenerate the tokencodes is NOT checked. Note that this option must be selected before the token is first issued.

Authentication Manager 8.X

Authentication Manager 8.x no longer includes the option to NOT regenerate the token when distributing, as this can create a security vulnerability. The only choices are to have the old .sdtid file stored and distributed very securely, or to create a new file and distribute to all devices.

Notes

RSA Security recommends that a unique software token is used for each user and each device.CT-KIP will regenerate the seeds during the negotiation steps, which will make the token on the original device on which it was installed invalid.